Differences
This shows you the differences between two versions of the page.
|
api:concepts:security [2009/07/30 03:15] Nate Kohari |
api:concepts:security [2009/08/03 13:41] (current) Nate Kohari |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== API Keys ===== | ===== API Keys ===== | ||
| - | Zen uses //API keys// to associate requests with the users that are making them. API keys are identified by a token, which is just a unique series of letters and numbers. Anyone can create an API key, and you can have as many keys as you like. Keys can be enabled and disabled as necessary, and all requests using a given key will be denied while the key is disabled. | + | Zen uses //API keys// to associate requests with the users that are making them. API keys are identified by a token, which is just a unique series of letters and numbers. Anyone can create an API key via the **Developer** tab on the **Settings** screen, and you can have as many keys as you like. Keys can be enabled and disabled as necessary, and all requests using a given key will be denied while the key is disabled. |
| You should typically create a separate API key for each integration that you use with Zen. That way, you can control access to the different integrations independently of one another. **Remember!** An API key authenticates you on Zen, just like a username and password. If someone intercepts your API key, they won't be able to log in to your account, but they will be able to make API calls on your behalf. Treat API keys as passwords and protect them accordingly! | You should typically create a separate API key for each integration that you use with Zen. That way, you can control access to the different integrations independently of one another. **Remember!** An API key authenticates you on Zen, just like a username and password. If someone intercepts your API key, they won't be able to log in to your account, but they will be able to make API calls on your behalf. Treat API keys as passwords and protect them accordingly! | ||